Difference between revisions of "IGTF:Distribution Build"
m |
|||
| Line 2: | Line 2: | ||
= Working with the CVS CA Repository = | = Working with the CVS CA Repository = | ||
| + | |||
| + | The CVS Repository is hosted at cvs.eugridpma.org at the Nikhef Data Processing facility in the secured services network (194.171.96.67). The CVS settings are | ||
| + | |||
| + | CVSROOT=:ext:''username''@cvs.eugridpma.org:/cvs/eugridpma | ||
| + | CVS_RSH=ssh | ||
| + | |||
| + | where ''username'' is the one assigned for ssh login (via cvs only!) to the TI for the PMA. The CVS repository contains two branches | ||
| + | * CA repository <tt>carep/</tt> hosting the trust anchors and the IGTF build tools | ||
| + | * utilities provided by the IGTF, including the old (v2) fetch-crl, the LCG and EGI build tools, the PMA expiration-warning tool, and the GFD.125 compliance test suite | ||
| + | |||
| + | When working with the CA repository, make sure it remains consistent and secure, and periodically check for intrusions by comparing with a local trusted host. The typical work flow is: | ||
| + | * go to your own secure build host | ||
| + | * do a "<tt>cvs update -A -R -d .</tt>" in the <tt>carep/</tt> directory | ||
| + | * '''review manually any changes imported'''! | ||
| + | * apply your own updates and carefully review them for compliance with the PMA status, GFD.125 and a valid signing_policy and namespaces file (for all accredited CAs) | ||
| + | * update the <tt>CHANGES</tt> file in the top-level directory | ||
| + | * do a "<tt>cvs commit</tt>" of the tree, checking if all changes made were found, and the CHANGES file updated | ||
= Build tools = | = Build tools = | ||
Revision as of 12:08, 22 July 2011
The International Grid Trust Federastion (IGTF) maintains a distribution of trust anchors for use by relying parties, based on a Common Source maintained by the chairs or trusted introducers of the member PMAs: David Groep for the EUGridPMA, Mike Helm for the TAGPMA, and Yoshio Tanaka for the APGridPMA APGridPMA. The Common Source is hosted on the EUGridPMA CVS Repository, alongside the build tools.
Working with the CVS CA Repository
The CVS Repository is hosted at cvs.eugridpma.org at the Nikhef Data Processing facility in the secured services network (194.171.96.67). The CVS settings are
CVSROOT=:ext:username@cvs.eugridpma.org:/cvs/eugridpma CVS_RSH=ssh
where username is the one assigned for ssh login (via cvs only!) to the TI for the PMA. The CVS repository contains two branches
- CA repository carep/ hosting the trust anchors and the IGTF build tools
- utilities provided by the IGTF, including the old (v2) fetch-crl, the LCG and EGI build tools, the PMA expiration-warning tool, and the GFD.125 compliance test suite
When working with the CA repository, make sure it remains consistent and secure, and periodically check for intrusions by comparing with a local trusted host. The typical work flow is:
- go to your own secure build host
- do a "cvs update -A -R -d ." in the carep/ directory
- review manually any changes imported!
- apply your own updates and carefully review them for compliance with the PMA status, GFD.125 and a valid signing_policy and namespaces file (for all accredited CAs)
- update the CHANGES file in the top-level directory
- do a "cvs commit" of the tree, checking if all changes made were found, and the CHANGES file updated
